National security remains high on the government's agenda. Malcolm Crompton says it is time to have a complete debate over the issue and think it through in order to avoid waking up in the Surveillance Society.

In a recent Open Forum blog, Patrick Walsh asks "Australia’s national security legislation: Where are we going?"

Patrick's commentary of itself is OK. It is just that it is like a balance sheet with one side of the balance sheet scrubbed out. It is incomplete.

First, if policing and national security can't afford to store all the data, why should they outsource the cost of doing so to somebody else? They have been outsourcing the cost of law enforcement and national security step by step for years and it is time this process was called to account.

Second, whenever a person or entity is given coercive or covert powers (or worse, both) by statutory fiat, it needs to be held to higher standards of governance and accountability to ensure that those powers are exercised appropriately and in the right circumstances. There is nothing more certain than that mistakes will be made or bad actors will become involved (as so eloquently described by the Attorney-General at the 2014 Security in Government conference) or worse through the conscious intent of the organisation (just ask Edward Snowden). 

When the policy makers don't even know what they are talking about when arguing for the additional powers, that must makes it all the more frightening. The debate about what metadata is and who can do what with it under what circumstances is non-trivial. Remember that TWO top ranking officials who have recently led national security establishments in the USA have indicated just how important metadata is to those bodies. And lethal. General Mike Hayden who has headed both NSA and CIA has observed quite correctly that "We kill people based on metadata", and NSA general counsel Stewart Baker has stated that "Metadata absolutely tells you everything about somebody’s life". In short, metadata matters at least as much as content data. Or to put it another way, metadata is data. For more on this, read "The Snowden Leaks and the Public" by Alan Rusbridger in the New York Review of books, 21 Nov 2013. This article provides links to authoritative sources for BOTH theSE statements and gives analysis.

Third, the governance and accountability processes for national security and possibly law enforcement in Australia appear to be hardly up to scratch to do their jobs. The recently retired National Security Legislation Monitor Bret Walker has said so but been ignored by government.

Worse than that, none of the current advocates of these new powers acknowledge the need for any balance except in passing without putting anything specific on the table. The remarks David Irvine made recently as head of ASIO, for example, stand out as just about the only recognition of the need for this balance yet puts forward nothing specific. 

On top of all this NONE of this is new! As Privacy Commissioner of Australia, I set out the way this kind of policy problem should be addressed more than 10 years ago in the so-called 4As Framework — Analysis / Authority / Accountability / Appraisal — which was nothing more than documenting an age old process for tackling these issues! It is available as "Privacy fact sheet 3: 4A framework — A tool for assessing and implementing new law enforcement and national security powers" on the OAIC website.

We recently wrote a commentary on the 4As framework in the context of the current debate for some European journals, including theLondon based World Data Protection Report and the Swiss based Jusletter-IT.

The time is well overdue for a mature, complete debate over these issues. 

Nobody except some with extreme perspectives would argue that law enforcement and national security agencies need modern tools and powers to do their jobs. 

But please, let's think it through before we do wake up in the Surveillance Society.